Reality check on SOC AI; Enterprise News; runZero and Imprivata RSAC interviews – HD Moore, Joel Burleson-Davis, Erik Bloch – ESW #408
Segment 1: Erik Bloch Interview
The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us!
Segment 2: Enterprise Weekly News
In this week's enterprise security news:
1. Some interesting new companies getting funding
2. Chainguard isn't unique anymore
3. AI slop coming to open source soon
4. Wiz dominance analysis
5. the IKEA effect in cybersecurity
6. LLM model collapse
7. vulnerabilities
8. DFIR reports
9. and fun with LinkedIn and prompt injection!
Segment 3: RSAC Interviews
runZero Interview with HD Moore
Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change.
Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades-old problems to usher in a new era of vulnerability management.
Segment Resources:
- Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/
- Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc
- Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/
Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks.
Imprivata interview with Joel Burleson-Davis
Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between a near-inevitable breach, if productivity-dampening security measures are avoided, and the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance.
This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them!
HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure.
HD serves as the CEO and founder of runZero, which provides a single source of truth for exposure management across your total attack surface. Delivering in-depth visibility into every asset and exposure, runZero helps you mitigate risks faster, meet compliance requirements, and ensure you continuously discover critical insights that others miss—including unknown and unmanageable devices and elusive exposures that evade traditional tools.
Prior to founding runZero, HD held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD has also been a frequent speaker at industry events such as Black Hat and DEF CON. HD’s professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and hacking into financial institution networks.
Joel Burleson-Davis is the SVP of Worldwide Engineering, Cyber at Imprivata, where he's responsible for building, delivering, and evolving the suite of Imprivata's cybersecurity products, which include Privileged Access Security, Access Compliance, and AI-powered analytics solutions. Prior to joining Imprivata, Joel was Chief Technical Officer at SecureLink, the leader in critical access management for organizations in need of advanced solutions to secure access to their most valuable assets, including networks, systems, and data. While at SecureLink, Joel was responsible for the overall technology and operational strategy and execution, including direction and oversight for Product Development, Quality Assurance, IT and Cybersecurity Operations, Compliance, and Customer Success.
Before SecureLink, Joel held Systems Engineering, IT Consulting, and Instructor positions while serving as one of the founding members of The Linux Foundation certification committee, a global committee of key Linux subject matter experts. Joel earned a Master of Liberal Arts degree in Systems Theory and Technology from St. Edward’s University, and a Bachelor of Arts degree in Philosophy and Religious Studies from Texas Lutheran University.
Erik has been in the security space for 35 years, starting in the Army back in 1990. While today he leads the security organization for Illumio, he previously led Security Operations teams at Atlassian, Sprinklr, Salesforce and Cisco. He's also been on the product side of things, attempting to make better products for people like him. Over the years, he has tracked what's worked and what hasn't, and now loves to share his thoughts, data and experiences with anyone who will listen. He currently resides in the Bay Area in California with his two kids, who keep him busy. When he's not working or running around with his kids, Erik loves to advise startups, get out on his motorcycle, play paintball, or hit the gym.
Adrian Sanabria
- FUNDING: Courtesy of the Security, Funded newsletter, issue #194 – Did AI Just Free Willy?
Vibe Check
Q: What’s the biggest lie we tell ourselves in cybersecurity?
This one was extremely close. "We're aligned with the business" won, with "you can measure everything" close behind it. "Users are the weakest link" and "our risk model is accurate" were closely tied.
Next week's vibe check asks, "which area of security is most overdue for reinvention" - go vote! (I'm not telling you how to vote, but I submitted a write-in for vulnerability management)
Funding
- Theom, a United States-based cloud data protection platform, raised a $20.0M Series A from Wing Venture Capital. "Traditional Data Governance and DSPM tools weren't designed for today's dynamic environments" <-- OH COME ON - are we really talking Next-Gen DSPM already? DSPMv2???
- Openlayer, a United States-based AI application testing, governance, and compliance platform, raised a $14.5M Series A from Race Capital
- ClearVector, a United States-based identity threat remediation platform, raised a $13.0M Series A from Scale Venture Partners
- Wirespeed, a US-based MDR automation startup, raised an undisclosed seed
Acquisitions
- Keyfactor acquired both InfoSec Global (secrets discovery & management) and CipherInsights (certificate discovery & management) for an undisclosed sum
- NEW PRODUCTS: Introducing WizOS: Securing Wiz from the ground up with hardened, near-zero-CVE container base images.
Looking like Wiz and Docker are now competing with Chainguard, which kinda makes you wonder about the amount of money Chainguard just raised, and whether they can outcompete Wiz.
With that said, Chainguard has moved past the OS and is now focused on providing secure libraries as well. Python is the latest area they've moved into.
- NEW FEATURES: GitHub wants to spam open source projects with AI slop
"If AI is so great at coding, why isn't it contributing to open source software?"
Uh oh...
- MARKET ANALYSIS: The Wiz March to Market Dominance
Some great hindsight analysis by ESW ex-cohost Tyler Shields
- ESSAYS: IKEA effect in cybersecurity or why we love the things we build
- ESSAYS: The Collapse of GPT – Communications of the ACM
New LLMs are already getting trained on content produced by AIs - at what point does this degrade the value of LLMs? Where do foundation model creators get better quality data?
- VULNERABILITIES: Oracle Database TNS vulnerability could leak data to further attacks
You really, really, really shouldn't have TCP 1521 open to ANYTHING other than database admins and applications that need it.
Also, you should patch your Oracle databases.
- VULNERABILITIES: Researchers bypass Intel’s Spectre fixes — six years of CPUs at risk
Just when you thought speculative execution vulnerabilities were done disrupting systems and ruining performance, researchers find a way to extend the pain!
- DETECTION ENGINEERING: Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
The latest amazing analysis from The DFIR Report
- RESEARCH: Guy puts prompt injection into his LinkedIn profile and receives private RSA keys
Amazing.
- DUMPSTER FIRES: Postman is logging all your secrets and environment variables
- LEGAL: DEF CON defeats Chris Hadnagy’s defamation lawsuit
- SQUIRREL: Kids Say They’re Using Photos of Trump and Markiplier to Bypass ‘Gorilla Tag’ Age Verification